Cheers guys,
Love the comments and debates you guys create here.
I will definitely be around more to ask you lot more annoying questions.
↧
General Discussion: CF or SD Card Recovery?
↧
Education and Training: Book Wishlist
Hello Friends of the Forensic World,
Today I want to see the books you guys think I should purchase in regards to digital forensics. I would like to cover the majority of the digital forensic world. Primarily my tasks include Smartphone exploitation and extraction with analysis, and HDD recovery and analysis. Sorry for all the ands.
I am going to purchase a large amount of books and I would like your help on deciding what are the latest and best books out there to purchase. Books that could possibly be helpful prior to going to forensic courses such as FOR SANS courses, and to be fluent in the language of Digital Forensics.
↧
↧
Education and Training: Looking for a little advice.
NalakaHewa wrote:
My suggestion is to study about Sleuth Kit and Autopsy.
Can you tell me how tools such as the Sleuth Kit can be better than using tools from Cellebrite and Oxygen? What can the open source tools do that the expensive ones can't?
Just a curious question btw. :)
↧
General Discussion: free tools for mail pst file
Check out this:
https://sourceforge.net/projects/ooconverter/
It is open source.
↧
Mobile Phone Forensics: Analyzing Android Log Files
I don't know about logs in Android showing when a screen was unlocked. If there are logs about this, I would also be interested to know about them.
With started apps direct logs or system logs could exist (or not :)). All apps with automatic updates check on startup might be logged somewhere, even if the app itself doesn't have logging.
↧
↧
Forensic Software: HDD Wiping
Vesalius wrote:
jaclaz wrote:
( BTW unneeded).
jaclaz
Just out of curiosity, will the 3 or 7 pass by the DOD work, or even the quick erase that comes with DBAN?
What do you mean will they work?
Each pass will be as effective as a single 00 pass (that is ALL that is needed), only it will take minimum 3 (three) to 7 (seven) times the time of a single 00 pass, and this single pass will take anyway more time (if made by a set of external commands) than the single pass initiated by the built-in Secure Erase.
In the real world, given the large sizes of common hard disks you are looking for several hours for each pass, let's say roughly 30 minutes (or more) every 100 Gb of hard disk size.
During this time the disk is continuously spinning and writing data, a good way to "stress test" it.
Hint: make sure that the drive is cooled efficiently, a good idea is to have a fan blowing on it.
Continuing to torture the poor hard disk another 2 or 6 times is considered cruelty by many ;) .
passcodeunlock wrote:
Let's say somebody gets access to the host protected area of a zeros-filled HDD ...and then what ? I'd be interested to know if that could be used for further data recovery ?! And if yes, how?!
I don't understand the question.
The HPA is simply an extent of the disk that is normally not exposed as part of the disk to the OS.
So, for all you know a malware may write data to an area at the end of the disk and then set it as HPA.
This area will survive any wiping done with the exposed disk as target, since the HPA is "outside" the disk.
jaclaz
↧
Mobile Phone Forensics: Micro SD Card Error
When the card has damaged (non-writable) areas for FAT, that is when you get continuously the "please format" error.
The USB host and a bad card reader can be detected easily with trial-and-error using another known to be good micro SD card.
Warning: if you really got bad hardware there, you might ruin the known to be good card as well!
↧
Classifieds: SALE: UFED Ultimate + Camera, FTK 6, ADTriage, Tableau TD3
Items for sale:
1. UFED Ultimate Kit + UFED Camera Kit. Licence expired October 2017. All cables and adapters included. Mint condition. Asking price 4,000 Euro
2. FTK 6 + AD Triage on 1 dongle. Licence expired October 2017. Asking price 4,000 Euro
3. Tableau TD3 kit with IDE and SAS modules all enclosed in a black Pelistorm hard case. Asking price 3,000 Euro
Shipping will be quoted for on request.
↧
Education and Training: Book Wishlist
Besides the theoretical and practical parts, forensics is not only a profession, where you just learn things and then reuse yourself.
Forensics is a vocation, for having great success with your work, you need a lot of knowledge and patience, so I wish you good luck there!
↧
↧
Forensic Software: UFED offline Maps?
I can confirm this, once I got devices registered for PA, the maps also got available!
↧
Mobile Phone Forensics: UFED Physical Analyzer
What is your question armresl ?
↧
Forensic Software: Guidance EnCase Vulnerabilities
Very interesting! It's a shame they are not releasing the image files - it would be good to see how other products handle this.
↧
Forensic Software: Simple Carver Suite
I don't know about another free solution, but as a feedback, Simple Carver was used with success by the LE I know.
Please consider that I'm not affiliated in any way with SC and I don't use the software myself.
↧
↧
Forensic Software: Image recognition / matching tools
passcodeunlock wrote:
I know only about paid solutions, I would be also interested to know about an open source solution like this.
I've read before about Yahoo NSFW, which is open source, but I think that could maybe partially help you only:
https://github.com/yahoo/open_nsfw
What is your recommendation for a paid solution? Maybe I can consider purchasing in future.
↧
Mobile Phone Forensics: Apple iPhone 5 & 6 Encrypted Backup
passcodeunlock wrote:
What are your exact device models ? What iOS runs on them ?
The models and iOS versions are:-
iPhone 5 (A1429) - iOS 9.3.2
iPhone 6s (A1688) - iOS 9.3.3
↧
Forensic Software: HDD Wiping
Passmark wrote:
But it also has to be said that detecting and removing the HPA is quick and easy. So it isn't particularly good protection.
Yes, and there is also "libata.ignore_hpa=1" Linux kernel boot option which helps overcome HPA limit even if one has not much technical knowledge.
↧
Forensic Software: HDD Wiping
Passmark wrote:
But it also has to be said that detecting and removing the HPA is quick and easy. So it isn't particularly good protection.
raydenvm wrote:
Yes, and there is also "libata.ignore_hpa=1" Linux kernel boot option which helps overcome HPA limit even if one has not much technical knowledge.
Sure it is not a "good" protection, but out of the good people that use software for the 3 or 7 passes DOD wiping, it seems that none has yet mentioned the "verify if a HPA is present" on the checklist ... ;)
I would also be not too sure that *all* forensic software have (like - to remain between us - OsForensics has):
http://www.osforensics.com/hidden-areas-hpa-dco.html
an in-built provision for HPA and DCO.
Time to talk about disabled heads, P-lists and G-lists?
jaclaz
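A pre-wipe check for the point made in this thread (the HPA sits outside the exposed disk, so a wipe of the exposed disk leaves it untouched, and "verify if a HPA is present" belongs on the checklist), as an added example that is not part of any post. It parses the `max sectors` line printed by `hdparm -N` on Linux; the sample outputs are constructed, a 512-byte logical sector is assumed, and DCO is not covered.

```python
import re

# `hdparm -N /dev/sdX` prints: " max sectors   = <current>/<native>, HPA is enabled"
_MAX_SECTORS = re.compile(r"max sectors\s*=\s*(\d+)\s*/\s*(\d+)")

# Constructed sample outputs (not taken from a real drive).
SAMPLE_HPA = """
/dev/sdb:
 max sectors   = 586070255/586072368, HPA is enabled
"""
SAMPLE_CLEAN = """
/dev/sdb:
 max sectors   = 586072368/586072368, HPA is disabled
"""


def parse_hdparm_n(output, sector_size=512):
    """Return the visible/native sector counts and the size of any HPA.

    sector_size is an assumption (512-byte logical sectors).
    The decision is made on the two numbers, not on the trailing
    "HPA is ..." text, so a missing or odd suffix does not matter.
    """
    m = _MAX_SECTORS.search(output)
    if m is None:
        raise ValueError("no 'max sectors' line found in hdparm output")
    current, native = int(m.group(1)), int(m.group(2))
    hidden = native - current
    return {
        "current_max": current,
        "native_max": native,
        "hidden_sectors": hidden,
        "hidden_bytes": hidden * sector_size,
        "hpa_present": hidden > 0,
    }


def wipe_precheck(output):
    """One checklist line: is the whole drive going to be covered by the wipe?"""
    info = parse_hdparm_n(output)
    if info["hpa_present"]:
        return ("STOP: %(hidden_sectors)d sectors (%(hidden_bytes)d bytes) are in an "
                "HPA and will survive a wipe of the exposed disk" % info)
    return "OK: visible size equals native size (%(native_max)d sectors)" % info


if __name__ == "__main__":
    for sample in (SAMPLE_HPA, SAMPLE_CLEAN):
        print(wipe_precheck(sample))
```
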
↧
↧
Digital Forensics Job Vacancies: Senior eDiscovery Managing Consultant, London, £80K-£90K
Senior eDiscovery Managing Consultant
Job Description
An international multi-billion dollar consultancy firm is on the lookout for a Senior eDiscovery Managing Consultant to join their dynamic and developing business.
For this role candidates will be responsible for the management of multiple global clients throughout the eDiscovery project lifecycle.
Responsibilities
– Respond to client requests, manage expectations and liaise with project managers
– Use eDiscovery software to extract data and adhere to industry standards
– Manage teams across the business
To be considered candidates will need
– Experience working within an eDiscovery related role using document review applications such as Relativity, Clearwell etc
– Ability to solve complex problems, work independently and manage client expectations
– Proven experience managing teams
Other skills that’ll be highly beneficial
– Knowledge of SQL & Windows platforms
– Ability to travel when requested
If you’re looking to thrive with an exceptional organisation that deals with global organisations and join a team with some of the most accomplished people in the industry then this is the role for you.
↧
Mobile Phone Forensics: Micro SD Card Error
Thanks for all of the suggestions
↧
Mobile Phone Forensics: Screen Lock Disabled?
Larry,
This guy hadn't had a job for years. It's a Metro PCS phone on T-Mobile. Cellebrite doesn't support this specific model, but I was able to get a generic Android download of the device.
Even though I obtained the information I'm still somewhat curious as to what specifically is keeping me from disabling the PIN?
↧